Associate Cloud Engineer Exam | Replicating IAM Roles in a New Google Project

Replicating IAM Roles in a New Google Project

Prev Question Next Question

Question

You have a development project with appropriate IAM roles defined.

You are creating a production project and want to have the same IAM roles on the new project, using the fewest possible steps.

What should you do?

Answers

A. Use gcloud iam roles copy and specify the production project as the destination project.

B. Use gcloud iam roles copy and specify your organization as the destination organization.

C. In the Google Cloud Platform Console, use the ˜create role from role` functionality.

D. In the Google Cloud Platform Console, use the ˜create role` functionality and select all applicable permissions.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://cloud.google.com/sdk/gcloud/reference/iam/roles/copy

The correct answer is A. Use gcloud iam roles copy and specify the production project as the destination project.

Explanation:

IAM roles are used to grant permissions to users, groups, and service accounts in Google Cloud. Roles define a set of permissions, and they can be granted to users or groups at the project, folder, or organization level.

When you create a new Google Cloud project, it does not have any IAM roles defined by default. If you have already defined IAM roles for a development project, and you want to use the same roles for a new production project, you can copy the roles using the gcloud command-line tool.

Option A: Use gcloud iam roles copy and specify the production project as the destination project.

This option is the correct answer because it allows you to copy the IAM roles from the development project to the production project in the fewest possible steps. The gcloud iam roles copy command allows you to copy an existing role from one project to another. To use this command, you will need to have the appropriate permissions on both the source and destination projects.

Option B: Use gcloud iam roles copy and specify your organization as the destination organization.

This option is not the best choice because it is not clear if you have an organization set up. Additionally, copying roles to an organization is not supported by the gcloud iam roles copy command.

Option C: In the Google Cloud Platform Console, use the create role from role' functionality.

This option is not the best choice because it requires you to create new roles in the production project by copying from the development project manually. It will take more steps than copying the existing roles with the gcloud command.

Option D: In the Google Cloud Platform Console, use the create role' functionality and select all applicable permissions.

This option is not the best choice because it requires you to manually create new roles in the production project and select all the applicable permissions. It will take more time and effort than copying the existing roles with the gcloud command. Additionally, it is possible that you might forget to select some of the permissions that were present in the development project roles.

Prev Question Next Question